This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.



Bugzilla component missing and another (minor) fuzzing-related bug report


Hi,

The elfutils webpage says:
"To report bugs: please open a bugzilla report against the elfutils
component."

However it seems the redhat bugzilla doesn't have an elfutils
component. Therefore I'm reporting it here, hope that's okay.

The attached file will cause a huge malloc allocation with elfutils' nm
tool. This will crash if you try to run it with address sanitizer.

The reason is likely that nm will try to allocate space for something
based on the header value - no matter if that value makes any sense. A
sanity check that checks in such cases if the file itself is smaller
than the supposedly allocated memory could avoid that.


Address Sanitizer trace:

==29915==ERROR: AddressSanitizer failed to allocate 0xb18002000 (47647301632) bytes of LargeMmapAllocator: 12

==19508==AddressSanitizer CHECK failed: /var/tmp/portage/sys-devel/gcc-4.9.2/work/gcc-4.9.2/libsanitizer/sanitizer_common/sanitizer_posix.cc:66 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
    #0 0x7f1a5001df90 (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x5cf90)
    #1 0x7f1a500221f3 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x611f3)
    #2 0x7f1a50027041 (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x66041)
    #3 0x7f1a4ffddad8 (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x1cad8)
    #4 0x7f1a5001868f in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x5768f)
    #5 0x41a421 in xmalloc /f/elfutils/elfutils-0.163/lib/xmalloc.c:52
    #6 0x4089a4 in show_symbols /f/elfutils/elfutils-0.163/src/nm.c:1212
    #7 0x40ce47 in handle_elf /f/elfutils/elfutils-0.163/src/nm.c:1484
    #8 0x4033a6 in process_file /f/elfutils/elfutils-0.163/src/nm.c:387
    #9 0x4033a6 in main /f/elfutils/elfutils-0.163/src/nm.c:248
    #10 0x7f1a4f2cef9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
    #11 0x40438e (/old-ram/elfutils/nm+0x40438e)

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42

Attachment: elfutils-nm-malloc-fail-show_symbols.obj
Description: Binary data

Attachment: attachment.sig
Description: PGP signature
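
The kind of sanity check suggested in the message above, sketched as an added example; it is not part of the original mail and not elfutils code. The struct and the function names checked_entry_count and alloc_for_entries are hypothetical, and the header is reduced to the three fields the check needs.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified section header: only the fields the check needs. */
struct sec_hdr {
    uint64_t offset;   /* where the section's data starts in the file */
    uint64_t size;     /* section size in bytes, as claimed by the header */
    uint64_t entsize;  /* size of one table entry, as claimed by the header */
};

/*
 * Derive the entry count from untrusted header fields.
 * Returns 0 and stores the count only if the section lies inside the file.
 */
int checked_entry_count(const struct sec_hdr *sh, uint64_t file_size,
                        uint64_t *count)
{
    if (sh->entsize == 0)
        return -1;                      /* would divide by zero */
    if (sh->offset > file_size)
        return -1;                      /* starts past end of file */
    if (sh->size > file_size - sh->offset)
        return -1;                      /* claims more bytes than exist */
    *count = sh->size / sh->entsize;
    return 0;
}

/*
 * Allocate per-entry bookkeeping (elem_size bytes each) only after the
 * header passed the file-size check and the product cannot overflow.
 */
void *alloc_for_entries(const struct sec_hdr *sh, uint64_t file_size,
                        size_t elem_size, uint64_t *count)
{
    if (elem_size == 0 || checked_entry_count(sh, file_size, count) != 0)
        return NULL;
    if (*count > SIZE_MAX / elem_size)
        return NULL;                    /* count * elem_size overflows */
    return calloc(*count ? (size_t)*count : 1, elem_size);
}
```

With this check the allocation is bounded by the real file size, so a small file with an inflated size field is rejected before any memory is requested.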

